Reference: https://people.mpi-sws.org/~aasthakm/files/qapla.pdf
This code provides a standalone implementation of QRM. An example
script is provided, which can be used to generate re-written SQL
queries for mysql DB. The re-written queries can be executed
manually on the DB backend.
Steps to use:
- Setup your database in mysql.
- Create an administrative user (e.g. qapla).
- Configure DB_NAME and DB_ADMIN in config.h to the name of your database and user respectively.
- Define your policies (see below)
- Generate re-written queries using refmon script
- Execute generated queries on database
QRM can be integrated with a database adapter, to provide policy enforcement for an application at runtime.
QRM relies on a mysql parser, which was taken from mysql workbench.
The parser requires antlr3 and boost libraries. It has been tested with
the following versions of the libraries.
antlr3.4 - http://www.antlr3.org/download/C/libantlr3c-3.4.tar.gz
boost-1.58
Qapla has been tested on mysql 5.7.11, however, it is largely database-independent.
Qapla: Policy compliance for database-backed systems (USENIX Security'17)
Aastha Mehta, Eslam Elnikety, Katura Harvey, Deepak Garg, Peter Druschel
https://people.mpi-sws.org/~aasthakm/files/qapla.pdf
If you use this code in your work, please cite the paper above.
https://github.com/aasthakm/qapla/wiki/Qapla-Wiki
Aastha Mehta [email protected]